- Also show future news items if the "show all news items" option is selected (see #419).
- Correctly copy multiple events into an empty calendar (see #427).
- Correctly check the permissions to create form fields (see #414).
- Fix the save callback in the back end password module (see #429).
- Correctly handle dates in the calendar bundle (see #428).
- Invalidate the user sessions if a password changes (see CVE-2019-10641).
- Make custom layout section titles and IDs mandatory (see #341).
- Prevent using reserved layout section IDs in custom layout sections (see #301).
- Show the video elements headline in the back end preview (see #382).
- Fix the format selection in the image size widget (see #315).
- Ignore a
.public
file in the root files directory (see #286). - Correctly load MooTools via CDN (see #318).
- Do not double decode URL fragments (see #321).
- Correctly replace insert tags if the page contains invalid characters (see #349).
- Validate the primary key when registering or saving a model (see #230).
- Exempt the "page" insert tag from caching (see #284).
- Correctly sort the tree view records if there is an active filter (see #269).
- Fix two routing issues (see #263, #264).
- Support comma separated values in
Model::getRelated()
(see #257). - Do not check the user's file permissions in the template editor (see #224).
- Do not show pretty errors if "text/html" is not accepted (see #249).
- Return
null
inModel::findMultipleByIds()
if there are no models (see #266). - Restore compatibility with Doctrine DBAL 2.9 (see #256).
- Correctly check the permission to move child records as non-admin user (see #247).
- Do not parse form templates twice (see #214).
- Prevent information disclosure through incorrect access control in the back end (see CVE-2018-20028).
- Fix a compatibility issue with Doctrine DBAL 2.9 (see #212).
- Do not convert line breaks in table cells if there are HTML block elements (see #159).
- Automatically enable image sizes created by regular users (see contao/core#8836).
- Handle unknown languages in the meta editor (see #127).
- Correctly rebuild the symlinks in the maintenance module (see #150).
- Check the member status when sending newsletters (see contao/core#8812).
- Fix the schema.org markup of the breadcrumb menu (see contao/core-bundle#1561).
- Allow to set the target directory when installing the web directory (see #142).
- Correctly render the back end forms in Firefox (see #79).
- Show the info messages in the DropZone uploader (see #83).
- Fix an error when creating new pages (see #63).
- Correctly detect Chrome on iOS in the environment class (see #61).
- Optimize generating sitemaps (see contao/core#6830).
- Use min-height for .w50 widgets in the back end (see contao/core#8864).
- Prevent arbitrary code execution through .phar files (see CVE-2018-17057).
- Ignore the "uncached" insert tag flag in the unknown insert tags (see #48).
- Make the ID of the subscription modules unique (see #40).
- Use the correct table when handling root nodes in the picker (see #44).
- Replace the
Set-Cookie
header when merging HTTP headers (see #35).
- Do not merge the session cookie header (see #11, #29).
- Update the list of countries (see #12).
- Correctly set the back end headline for custom actions (see contao/newsletter-bundle#23).
- Remove support for deprecated user password hashes (see contao/core-bundle#1608).
- Fix the MySQL 8 compatibility (see contao/installation-bundle#93).
- Revert the intermediate maintenance mode fix (see contao/manager-bundle#78).
- Make the session listener compatible with Symfony 3.4.12.
- Show the 404 page if there is no match in the set of potential pages (see contao/core-bundle#1522).
- Correctly calculate the nodes when initializing the picker (see contao/core-bundle#1535).
- Do not re-send the activation mail if auto-registration is disabled (see contao/core-bundle#1526).
- Remove the app_dev.php/ fragment when generating sitemaps (see contao/core-bundle#1520).
- Show the 404 page if a numeric aliases has no url suffix (see contao/core-bundle#1508).
- Fix the schema.org markup so the breadcrumb is linked to the webpage (see contao/core-bundle#1527).
- Reduce memory consumption during sitemap generation (see contao/core-bundle#1549).
- Correctly handle spaces when opening nodes in the file picker (see contao/core-bundle#1449).
- Disable the maintenance mode for local requests (see contao/core-bundle#1492).
- Correctly blacklist unsubscribed recipients (see contao/newsletter-bundle#21).
- Use a given e-mail address in the unsubscribe module (see contao/newsletter-bundle#12).
- Delete old subscriptions if the new e-mail address exists (see contao/newsletter-bundle#19).
- Fix an XSS vulnerability in the system log (see CVE-2018-10125).
- Correctly highlight all keywords in the search results (see contao/core-bundle#1461).
- Log unknown insert tag (flags) in the system log (see contao/core-bundle#1182).
- Correctly hide empty custom layout sections (see contao/core-bundle#1115).
- Preserve the container directory when purging the cache.
- Suppress error messages in production (see contao/core-bundle#1422).
- Correctly duplicate recipients if a channel is duplicated (see contao/newsletter-bundle#15).
- Correctly link to the picker from the TinyMCE link menu (see contao/core-bundle#1415).
- Do not make the response private when saving the session (see contao/core-bundle#1388).
- Improve the folder hashing performance (see contao/core#8856).
- Correctly render the article list if there are no articles (see contao/core-bundle#1351).
- Do not log custom insert tags as "unknown" if they have been replaced (see contao/core-bundle#1295).
- Show redirect pages with unpublished targets in the front end preview.
- Log database connection errors (see contao/core-bundle#1324).
- Remove "allow_reload" in favor of the "expect" header (see terminal42/header-replay-bundle#11).
- Quote reserved words in database queries (see contao/core-bundle#1262).
- Correctly render external links in the
event_teaser
template (see contao/calendar-bundle#21). - Do not remove old subscriptions not related to the selected channels (see contao/core#8824).
- Do not resend activation mails for active members (see contao/core-bundle#1234).
- Order the files by name when selecting folders in the file picker (see contao/core-bundle#1270).
- Optimize inserting keywords into tl_search_index (see contao/core-bundle#1277).
- The assets:install command requires the application to be set in Symfony 3.4 (see contao/installation-bundle#81).
- Revert 'Quote reserved words in database queries (see contao/core-bundle#1262)'.
- Quote reserved words in database queries (see contao/core-bundle#1262).
- Only add _locale if prepend_locale is enabled (see contao/core-bundle#1257).
- Add the missing options array in the CommentsModel class (see contao/comments-bundle#9).
- Use the schema filter in the install tool (see contao/installation-bundle#78).
- Show the "invisible" field when editing a form field (see contao/core-bundle#1199).
- Only add pages requested via GET to the search index (see contao/core-bundle#1194).
- Fix the Encrption class not supporting PHP 7.2 (see contao/core#8820).
- Handle single file uploads in FileUpload::getFilesFromGlobal() (see contao/core-bundle#1192).
- Do not always create a new version when an event is saved (see contao/news-bundle#26).
- Use a simpler lock mechanism in the install tool (see contao/installation-bundle#73).
- Prevent SQL injections in the back end search panel (see CVE-2017-16558).
- Prevent SQL injections in the listing module (see CVE-2017-16558).
- Support class named services in System::import() and System::importStatic() (see contao/core-bundle#1176).
- Only show pretty error screens on Contao routes (see contao/core-bundle#1149).
- Show broken images in the file manager (see contao/core-bundle#1116).
- Copy the existing referers if a new referer ID is initialized (see contao/core-bundle#1117).
- Stop using the TinyMCE gzip compressor (deprecated since 2014).
- Prevent the User::authenticate() method from running twice (see contao/core-bundle#1067).
- Filter multi-day events outside the scope in the event list (see contao/core#8792).
- Bind the lock file path to the installation root directory (see contao/core-bundle#1107).
- Correctly select the important part in the modal dialog (see contao/core-bundle#1093).
- Correctly handle unencoded data images in the Combiner (see contao/core#8788).
- Do not add a suffix when copying if the "doNotCopy" flag is set (see contao/core#8610).
- Use the module type as group header if sorted by type (see contao/core#8402).
- Fix the setEmptyEndTime() save_callback (see contao/calendar-bundle#10).
- Correctly show multi-day events if the shortened view is disabled (see contao/core#8782).
- Fall back to the URL if there is no link title (see contao/core-bundle#1081).
- Correctly calculate the intersection of the root nodes with the mounted nodes (see contao/core-bundle#1001).
- Catch the DriverException if the database connection fails (see contao/managed-edition#27).
- Fix the back end theme.
- Check if the session has been started before using the flash bag.
- Catch the DriverException if the database connection fails (see contao/managed-edition#27).
- Show the form submit buttons at the end of the form instead of at the end of the page.
- Do not add the referer ID in the Template::route() method (see contao/core-bundle#1033).
- Correctly read the newsletter channel target page in the newsletter list (see contao/newsletter-bundle#7).
- Correctly assign the form CSS ID (see contao/core-bundle#956).
- Fix the referer management in the back end (see contao/core#6127).
- Also check for a front end user during header replay (see contao/core-bundle#1008).
- Encode the username when opening the front end preview as a member (see contao/core#8762).
- Correctly assign the CSS media type in the combiner.
- Warm up the Symfony cache after the database credentials have been set (see contao/installation-bundle#63).
- Check if the Contao framework has been initialized when adding the UA string (see contao/standard-edition#64).
- Adjust the command scheduler listener so it does not rely on request parameters (see contao/core-bundle#955).
- Rewrite the DCA picker (see contao/core-bundle#950).
- Prevent arbitrary PHP file inclusions in the back end (see CVE-2017-10993).
- Correctly handle subpalettes in "edit multiple" mode (see contao/core-bundle#946).
- Correctly show the DCA picker in the site structure (see contao/core-bundle#906).
- Correctly update the style sheets if a format definition is enabled/disabled (see contao/core-bundle#893).
- Always show the "show from" and "show until" fields (see contao/core-bundle#908).
- Correctly set the "overwriteMeta" field during the database update (see contao/core-bundle#888).
- Fix the "save and go back" function (see contao/core-bundle#870).
- Update all Contao components to their latest version.
- Regenerate the symlinks after importing a theme (see contao/core-bundle#867).
- Only check "gdMaxImgWidth" and "gdMaxImgHeight" if the GDlib is used to resize images (see contao/core-bundle#826).
- Improve the accessibility of the CAPTCHA widget (see contao/core#8709).
- Re-add the "reset selection" buttons to the picker (see contao/core-bundle#856).
- Trigger all the callbacks in the toggleVisibility() methods (see contao/core-bundle#756).
- Only execute the command scheduler upon the "contao_backend" and "contao_frontend" routes (see contao/core-bundle#736).
- Correctly set the important part in "edit multiple" mode (see contao/core-bundle#839).
- Remove the broken alias transliteration (see contao/core-bundle#848).
- Tweak the back end template.
- Add the "allowed member groups" setting (see contao/core#8528).
- Hide the CAPTCHA field by default by adding a honeypot field (see contao/core-bundle#832).
- Add the "href" parameter to the article list (see contao/core-bundle#694).
- Show both paths and UUIDs in the "show" view (see contao/core-bundle#793).
- Do not romanize file names anymore.
- Improve the back end breadcrumb menu (see contao/core-bundle#623).
- Correctly render the image thumbnails (see contao/core-bundle#817).
- Use the "file" insert tag in the file picker where applicable (see contao/core#8578).
- Update the Punycode library to version 2 (see contao/core-bundle#748).
- Always add custom meta fields to the templates (see contao/core-bundle#717).
- Notify subscribers of replies (see contao/core#8565).
- Ignore tables not starting with "tl_" in the install tool (see contao/installation-bundle#51).
- Re-add the "sqlCompileCommand" hook (see contao/installation-bundle#51).
- Purge the opcode caches after deleting the Symfony cache (see contao/contao-manager#80).
- Show a "no results" notice if a search does not return any results (see contao/core#7705).
- Warn if another user has edited a record when saving it (see contao/core-bundle#809).
- Optimize the element preview height (see contao/core-bundle#810).
- Use the file meta data by default when adding an image (see contao/core-bundle#807).
- Use the kernel.project_dir parameter (see contao/core-bundle#758).
- Disable the "publish" checkbox if a parent folder is public (see contao/core-bundle#712).
- Improve the findByIdOrAlias() method (see contao/core-bundle#729).
- Make sure that all modules can have a custom template (see contao/core-bundle#704).
- Remove the popupWidth and popupHeight parameters in the file manager (see contao/core-bundle#727).
- Remove the cron.txt file (see contao/core-bundle#753).
- Allow to disable input encoding for a whole DCA (see contao/core-bundle#708).
- Add the DCA picker (see contao/core-bundle#755).
- Allow to manually pass a value to any widget (see contao/core-bundle#674).
- Only prefix an all numeric alias when standardizing (see contao/core-bundle#707).
- Support using objects in callback arrays (see contao/core-bundle#699).
- Support importing form field options from a CSV file (see contao/core-bundle#444).
- Add a Doctrine DBAL field type for UUIDs (see contao/core-bundle#415).
- Support custom back end routes (see contao/core-bundle#512).
- Add the contao.image.target_dir parameter (see contao/core-bundle#684).
- Match the security firewall based on the request scope (see contao/core-bundle#677).
- Add the contao.web_dir parameter (see contao/installation-bundle#40).
- Look up the form class and allow to choose the type (see contao/core#8527).
- Auto-select the active page in the quick navigation/link module (see contao/core#8587).
- Extended reporting if the script handler fails (see contao/manager-bundle#27).
- Set prepend_locale to false (see contao/core-bundle#785).
- Change the maintenance lock file path (see contao/core-bundle#728).
- Add basic security (see contao/standard-edition#54).